Managing identities. TICAL 2012, Lima, Peru Roland Hedberg Tuesday 3 July 12


1 Managing identities TICAL 2012, Lima, Peru Roland Hedberg

2 Who am I? Got into networking in 1987 Managed computer networks and network applications Worked with standardisation of directory technologies Software developer/senior researcher

3 Umeå, Sweden Latitude: 63° 50' North Longitude: 20° 15' East

4 Topics Why How Future

5 What's an identity?

6 What's an identity? The collective aspect of the set of characteristics by which a thing is definitively recognizable or known.

8 What's an identity? The collective aspect of the set of characteristics by which a thing is definitively recognizable or known. A set of attributes and values

9 Why?

10 Historic progression late 80s A set of completely autonomous systems

11 1st transition LDAP mid 90s Some know how to use LDAP LDAP is populated manually

12 2nd transition 2007 Single-Sign-On ubiquitous in-house Extra info from LDAP SSO Metadirectory

13 3rd transition today Identity federations SAML Eduroam

14 IdPs over the world as seen from Norway

15 Driving forces 1st & 2nd transition Centralized cheaper than decentralized 3rd transition User convenience and economy of scale

16 Eduroam

17 Eduroam status 43 member NROs > 5300 service locations (Au, Nz) 250 M successful authn (~6% international) may april 2012 eduroam is ranked as 27th most widely used SSID (5th most frequent operator SSID)

18 Why! Enables trustworthy exchange of information between federations Reduces the costs of developing and operating services Improves the security and end-user experience of services Enables service providers to greatly expand their user base Enables identity providers to increase the number of services available to their users

19 How

20 SWAMID offers quality assured and secure identification of employees, students, alumni and others associated in higher education in Sweden, in the Nordic countries, in the rest of Europe and also in North America and Asia. The eduGAIN service is intended to enable the trustworthy exchange of information related to identity, authentication and authorisation between the GÉANT (GN3) Partners' federations. InCommon provides a secure and privacy-preserving trust fabric for research and higher education institutions, and their partners, in the United States.

21 Emphasised in the three descriptions: quality assured, trustworthy exchange, trust fabric

22 TRUST

23 Federation policies SWAMID Federation Policy v2.0 SWAMID Basic Identity Assurance Profile v1.0 SWAMID eduroam Technology Profile v1.0 SWAMID SAML WebSSO Technology Profile v1.0

24 Explicit trust Kantara Identity Assurance Framework (IAF) Common Organizational Service Assessment Criteria Operational Service Assessment Criteria

25 Trust in Security environment IdM checklist

26 Some outstanding issues

27 Problem of scale A few services have many users Many services have few users

28 Which identity provider to use? OpenID NASCAR problem Where Are You From (WAYF)

29 Attribute releases Specific for every Identity - Service provider pair Solution Service categories

30 Service examples

31 SWAMID coverage All universities with more than 1000 FTE students are part of SWAMID ~ 97 % of all students and employees

32 Studera.nu

33 NyA-webben Student administration Student admission system Base user: urn:mace:swami.se:gmai:nya-dw:base:o=yy Department user: urn:mace:swami.se:gmai:nya-dw:department:o=yy:noreduorgunituniquenumber=zzzz

34 Adobe Connect

35 BOX.COM Business agreement between SUNET and BOX.COM

36 Hospital contact

37 Foodl https://foodl.org/

38 Future

39 Non-web Project Moonshot is a JANET(UK)-led initiative, in partnership with the GEANT project and others, to develop a single unifying technology for extending the benefits of federated identity to a broad range of non-web services, including Cloud infrastructures, High Performance Computing & Grid infrastructures and other commonly deployed services including mail, file store, remote access and instant messaging.

40 The great divide Higher Education and public services SAML2 Social services OpenID/OAuth2/OpenID Connect

41 Conclusion Get your identity management in order Document and secure your IdM process Join the Identity federations


More information

IDP Installer Overview

IDP Installer Overview IDP Installer Overview Facilitating access to the CAF ecosystem Wendy Petersen November 2013 CANARIE Ottawa Outline CAF services overview Eduroam infrastructure Shibboleth infrastructure Deployment challenges

More information

Standardisation of eduroam Testing, Monitoring, Metrics and Support Tools

Standardisation of eduroam Testing, Monitoring, Metrics and Support Tools STANDARDISATION OF EDUROAM TESTING, MONITORING, METRICS AND SUPPORT TOOLS Page 1/16 20 January 2014 Standardisation of eduroam Testing, Monitoring, Metrics and Support Tools Neil Witheridge neil.witheridge@aarnet.edu.au

More information

Increase the Security of Your Box Account With Single Sign-On

Increase the Security of Your Box Account With Single Sign-On A Box White Paper Increase the Security of Your Box Account With Single Sign-On Box s high level of security, 24x7 support and 99.9% uptime are critical for us. The biggest benefits are the reliability

More information

OpenID Connect for SURFconext

OpenID Connect for SURFconext OpenID Connect for SURFconext Assessment of the OpenID Connect protocol for Federations of Higher Education and Research Project : Samenwerkingsinfrastructuur Projectjaar : 2012 Projectmanager : Bas Zoetekouw

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

Toward campus portal with shibboleth middleware

Toward campus portal with shibboleth middleware Toward campus portal with shibboleth middleware Eisuke Ito and Masanori Nakakuni itou@cc.kyushu u.ac.jp, Kyushu University nak@fukuoka u.ac.jp, Fukuoka University Outline 1. Background 2. Shibboleth 3.

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

Identity Management for the Cloud

Identity Management for the Cloud Identity Management for the Cloud New answers to old questions 10. Anwenderkonferenz Softwarequalität, Test und Innovationen 6. und 7. September 2012 Alpen-Adria-Universität Klagenfurt Dr. Horst Walther,

More information

Federated Identity Management

Federated Identity Management Federated Identity Management SWITCHaai Team aai@switch.ch Agenda 2 What is Federated Identity Management? What is a Federation? The SWITCHaai Federation Interfederation Evolution of Identity Management

More information

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management 1 Product Roadmap Disclaimer Any forward-looking indication of plans for products is preliminary and all future release

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

InCommon Affiliate Webinar Series

InCommon Affiliate Webinar Series InCommon Affiliate Webinar Series Aegis Identity Case Study: Just-in-Time Provisioning and IDP Proxy Management November 19, 2014 CASE STUDY IN JUST-IN-TIME PROVISIONING AND IDP PROXY MANAGEMENT Jim Faut

More information

EUDAT Federated AAI TF (Authentication Authorization Infrastructure Task Force)

EUDAT Federated AAI TF (Authentication Authorization Infrastructure Task Force) EUDAT Federated AAI TF (Authentication Authorization Infrastructure Task Force) EUDAT WP5 Slides by Jens Jensen+AAITF Presented by Claudio Cacciari (c.cacciari@cineca.it) Date:2012/03/08 Outline Background

More information

Copyright: WhosOnLocation Limited

Copyright: WhosOnLocation Limited How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and

More information

MY1LOGIN SOLUTION BRIEF: PROVISIONING. Automated Provisioning of Users Access to Apps

MY1LOGIN SOLUTION BRIEF: PROVISIONING. Automated Provisioning of Users Access to Apps MY1LOGIN SOLUTION BRIEF: PROVISIONING Automated Provisioning of Users Access to Apps MY1LOGIN SOLUTION BRIEF: PROVISIONING Automated Provisioning of Users Access to Apps The ability to centrally provision

More information

The Future of Cloud Identity Security. Michael Schwartz Founder / CEO Gluu

The Future of Cloud Identity Security. Michael Schwartz Founder / CEO Gluu The Future of Cloud Identity Security Michael Schwartz Founder / CEO Gluu Session ID: IAM-207 Session Classification: General Interest Background 2 Finally an Internet Identity Foundation 3 Who is behind

More information

Introduction to Identity Management. Sam Lee, Outblaze Ltd.

Introduction to Identity Management. Sam Lee, Outblaze Ltd. Introduction to Identity Management Sam Lee, Outblaze Ltd. Agenda Background Identity Management Single Sign-On Federation Future s Identity management Conclusions 2 Background Why identity management?

More information

Active Directory Integration 855.426.7227. www.onelogin.com twitter.com/onelogin ONELOGIN WHITEPAPER

Active Directory Integration 855.426.7227. www.onelogin.com twitter.com/onelogin ONELOGIN WHITEPAPER Active Directory Integration Even as enterprises continue to adopt more cloud applications, Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) still play a critical role in how information

More information

InCommon Affiliates Webinar Three Case Studies with Unicon September 18, 2013

InCommon Affiliates Webinar Three Case Studies with Unicon September 18, 2013 InCommon Affiliates Webinar Three Case Studies with Unicon September 18, 2013 John O Keefe, VP IT & CIO, Lafayette College Keith Hazelton, Senior IT Architect, University of Wisconsin-Madison Tim Calhoon,

More information

NORDUnet. AGREEMENT ADDENDUM No. 05 between. NORDUnet Af S Kastruplundgade 22 DK-2770 Kastrup DENMARK. UNINETf Abels gate 5 NO-7030 Trondheim NORWAY

NORDUnet. AGREEMENT ADDENDUM No. 05 between. NORDUnet Af S Kastruplundgade 22 DK-2770 Kastrup DENMARK. UNINETf Abels gate 5 NO-7030 Trondheim NORWAY NORDUnet AGREEMENT ADDENDUM No. 05 between NORDUnet Af S Kastruplundgade 22 DK-2770 Kastrup DENMARK And UNINETf Abels gate 5 NO-7030 Trondheim NORWAY regard ing Idp proxy for box NORDUnet I UNINETT Agreement

More information

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps

Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps Sofia Event Center 14-15 May 2014 Single-Sign-On between On-Premises and the Cloud: Leveraging Windows Azure Active Directory to authenticate custom solutions and Apps Radi Atanassov SharePoint MCM & MVP

More information